From b8729de9daa925f45705e72861b4986b328e65e9 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Mon, 8 Sep 2014 08:25:06 -0700
Subject: Temporarily DISABLE multicast authentication (doing in branch, will reenable in dev)
---
 node/Network.hpp | 8 ++++++++
 node/PacketDecoder.cpp | 14 ++++++++++----
 node/Switch.cpp | 10 +++++++---
 3 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/node/Network.hpp b/node/Network.hpp
index cab41411..4fde934b 100644
--- a/node/Network.hpp
+++ b/node/Network.hpp
@@ -357,6 +357,14 @@ public:
 return std::set();
 }
+ /**
+ * @return True if multicasts must be authenticated on this network
+ */
+ inline bool authenticateMulticasts() const
+ {
+ return false;
+ }
+
 /**
 * Shortcut for config()->permitsBridging(), returns false if no config
 *
diff --git a/node/PacketDecoder.cpp b/node/PacketDecoder.cpp
index 369eda7b..9fa9d93c 100644
--- a/node/PacketDecoder.cpp
+++ b/node/PacketDecoder.cpp
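Review bot: `authenticateMulticasts()` in node/Network.hpp returns a hard-coded `false`, while its doc comment reads as if the value reflected the network's policy, so nothing in the header tells a reader that origin authentication is off for every network. I would say so in the doc comment, e.g. `@return True if multicasts must be authenticated on this network (currently always false: authentication is temporarily disabled)`, and put `// TODO: derive from network config before re-enabling` above the `return`. The neighbouring accessor is documented as a shortcut onto `config()`, which hints at where the real value would come from, though that is inferred from the context lines only.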
@@ -612,10 +612,16 @@ bool PacketDecoder::_doMULTICAST_FRAME(const RuntimeEnvironment *_r,const Shared
 // Check the multicast frame's signature to verify that its original sender is
 // who it claims to be.
- const unsigned int signedPartLen = (ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME - ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION) + frameLen;
- if (!originPeer->identity().verify(field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION,signedPartLen),signedPartLen,signature,signatureLen)) {
- LOG("dropped MULTICAST_FRAME from %s(%s): failed signature verification, claims to be from %s",source().toString().c_str(),_remoteAddress.toString().c_str(),origin.toString().c_str());
- return true;
+ if ((!network)||(network->authenticateMulticasts())) {
+ // Note that right now we authenticate multicasts if we aren't a member of a
+ // network... have to think about whether this is mandatory. It mostly only
+ // matters for supernodes though, since ordinary peers are unlikely ever to
+ // see multicasts for networks they don't belong to.
+ const unsigned int signedPartLen = (ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME - ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION) + frameLen;
+ if (!originPeer->identity().verify(field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION,signedPartLen),signedPartLen,signature,signatureLen)) {
+ LOG("dropped MULTICAST_FRAME from %s(%s): failed signature verification, claims to be from %s",source().toString().c_str(),_remoteAddress.toString().c_str(),origin.toString().c_str());
+ return true;
+ }
 }
 // Security check to prohibit multicasts that are really Ethernet unicasts...
diff --git a/node/Switch.cpp b/node/Switch.cpp
index dd4aec21..c00c9ef3 100644
--- a/node/Switch.cpp
+++ b/node/Switch.cpp
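Review bot: In `_doMULTICAST_FRAME`, when `network->authenticateMulticasts()` is false the signature block is skipped and everything after it runs on an `origin` the sender merely claimed, yet nothing at the skip says so. A comment after the new closing brace, such as `// NOTE: origin is unverified from here on when authentication is off; do not key trust decisions on it`, would keep later edits honest. If code further down the function (outside this hunk) uses `origin` for accounting or access decisions, that use deserves a second look. The same applies to the follow-up commit's hunk at this location, which widens the skip to nodes that are not members of the network.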
@@ -213,9 +213,13 @@ void Switch::onLocalEthernet(const SharedPtr &network,const MAC &from,c
 outp.append((uint16_t)data.size());
 outp.append(data);
- C25519::Signature sig(_r->identity.sign(outp.field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION,signedPartLen),signedPartLen));
- outp.append((uint16_t)sig.size());
- outp.append(sig.data,(unsigned int)sig.size());
+ if (network->authenticateMulticasts()) {
+ C25519::Signature sig(_r->identity.sign(outp.field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION,signedPartLen),signedPartLen));
+ outp.append((uint16_t)sig.size());
+ outp.append(sig.data,(unsigned int)sig.size());
+ } else {
+ outp.append((uint16_t)0);
+ }
 // FIXME: now we send the netconf cert with every single multicast,
 // which pretty much ensures everyone has it ahead of time but adds
--
cgit v1.2.3
From ea0f836ef178fb4b6d0841cbd612a7a3abfdfff4 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Mon, 8 Sep 2014 14:33:12 -0400
Subject: Turns out we do want to propagate packets unauthenticated in the supernode case. This is fine.
---
 node/PacketDecoder.cpp | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/node/PacketDecoder.cpp b/node/PacketDecoder.cpp
index 9fa9d93c..82199a4e 100644
--- a/node/PacketDecoder.cpp
+++ b/node/PacketDecoder.cpp
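Review bot: The `else` branch in `Switch::onLocalEthernet` writes a signature length of 0 with no comment on what that means on the wire. I would add `// zero-length signature marks an unsigned frame; receivers that authenticate must drop it` above `outp.append((uint16_t)0);`. The receive path in PacketDecoder.cpp passes `signatureLen` straight to `verify()`, and whether a zero length is rejected there is not visible on this page. An explicit `signatureLen == 0` rejection ahead of that call would make the fail-closed behaviour independent of the crypto routine. The function starts before and continues past this hunk.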
@@ -610,13 +610,12 @@ bool PacketDecoder::_doMULTICAST_FRAME(const RuntimeEnvironment *_r,const Shared
 }
 }
- // Check the multicast frame's signature to verify that its original sender is
- // who it claims to be.
- if ((!network)||(network->authenticateMulticasts())) {
- // Note that right now we authenticate multicasts if we aren't a member of a
- // network... have to think about whether this is mandatory. It mostly only
- // matters for supernodes though, since ordinary peers are unlikely ever to
- // see multicasts for networks they don't belong to.
+ // Authenticate multicasts for networks that require this -- note that the only
+ // nodes that will ever see multicasts for networks they don't belong to are
+ // supernodes, and in this case not authenticating is not a big deal. When nodes
+ // that are members see packets with failed authentication they will drop them
+ // and they will no longer propagate.
+ if ((network)&&(network->authenticateMulticasts())) {
 const unsigned int signedPartLen = (ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME - ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION) + frameLen;
 if (!originPeer->identity().verify(field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION,signedPartLen),signedPartLen,signature,signatureLen)) {
 LOG("dropped MULTICAST_FRAME from %s(%s): failed signature verification, claims to be from %s",source().toString().c_str(),_remoteAddress.toString().c_str(),origin.toString().c_str());
--
cgit v1.2.3
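Review bot: The rewritten comment above `if ((network)&&(network->authenticateMulticasts()))` says member nodes drop frames that fail authentication, but with `Network::authenticateMulticasts()` returning `false` (first commit on this page) that branch never runs. As the page stands, a frame with a forged origin is therefore forwarded by relays and also accepted by members. The comment should state the current situation, for example with a closing line `// NOTE: while authenticateMulticasts() is hard-wired to false, no node drops forged frames`. `_doMULTICAST_FRAME` extends beyond the hunk on both sides, so any handling further down is not visible here.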